问题描述
我写了一个简短的C ++程序来对一个文件进行XOR加密,这可以用于一些个人文件(如果它被破解,这不算什么 - 我只是为了防止休闲观看者)。基本上,我拿一个ASCII密码,并反复使用文件中数据的密码。然而,我很好奇,但如果有人想破解,他们会去吗需要很长时间吗?这是否取决于密码的长度(即,大O是什么)?
XOR加密的问题是对于长时间运行的相同字符,很容易看到密码。这样长的运行是文本文件中最常见的空格。说你的密码是8个字符,文本文件在某一行有16个空格(例如,在ASCII图形表的中间)。如果您只是使用您的密码进行XOR,您将看到该输出将具有重复的字符序列。攻击者只会寻找任何这样的东西,尝试猜测原始文件中的字符(空格将是第一个候选人尝试),并从重复组的长度导出密码的长度。
二进制文件可能会更糟,因为它们通常包含 0x00 字节的重复序列。显然,与这些XORing是无效的,所以您的密码将在输出中以纯文本显示!具有长序列空值的非常常见的二进制格式的示例是 .doc 。
I wrote a short C++ program to do XOR encryption on a file, which I may use for some personal files (if it gets cracked it's no big deal - I'm just protecting against casual viewers). Basically, I take an ASCII password and repeatedly XOR the password with the data in the file.
Now I'm curious, though: if someone wanted to crack this, how would they go about it? Would it take a long time? Does it depend on the length of the password (i.e., what's the big-O)?
The problem with XOR encryption is that for long runs of the same characters, it is very easy to see the password. Such long runs are most commonly spaces in text files. Say your password is 8 chars, and the text file has 16 spaces in some line (for example, in the middle of ASCII-graphics table). If you just XOR that with your password, you'll see that output will have repeating sequences of characters. The attacker would just look for any such, try to guess the character in the original file (space would be the first candidate to try), and derive the length of the password from length of repeating groups.
Binary files can be even worse as they often contain repeating sequences of 0x00 bytes. Obviously, XORing with those is no-op, so your password will be visible in plain text in the output! An example of a very common binary format that has long sequences of nulls is .doc.
这篇关于XOR加密有什么问题?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!